Support logging for security groups

Bug #1787397 reported by Michael Iatrou
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Neutron API Charm
Fix Released
Wishlist
Vladimir Grevtsev
OpenStack Neutron Open vSwitch Charm
Fix Released
Wishlist
Vladimir Grevtsev

Bug Description

Add charm support for logging for security groups
https://docs.openstack.org/neutron/queens/admin/config-logging.html

Frode Nordahl (fnordahl)
Changed in charm-neutron-api:
status: New → Triaged
importance: Undecided → Wishlist
Ryan Beisner (1chb1n)
Changed in charm-neutron-api:
assignee: nobody → Vladimir Grevtsev (vlgrevtsev)
milestone: none → 18.11
Changed in charm-neutron-api:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (master)

Fix proposed to branch: master
Review: https://review.openstack.org/603401

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-neutron-api (master)

Reviewed: https://review.openstack.org/603401
Committed: https://git.openstack.org/cgit/openstack/charm-neutron-api/commit/?id=707673bfc400ac31be143a3cae2f2b8837bac6f0
Submitter: Zuul
Branch: master

commit 707673bfc400ac31be143a3cae2f2b8837bac6f0
Author: Vladimir Grevtsev <email address hidden>
Date: Wed Sep 19 08:56:43 2018 +0200

    charm-helpers sync

    Change-Id: I6d3c5e7e7d3a5a9de48122506aeadf5ed6a6abca
    Related-Bug: #1787397

Revision history for this message
Ryan Beisner (1chb1n) wrote :

FYI, others can track the progress of this feature with the following gerrit topic:

 https://review.openstack.org/#/q/topic:bug/1787397+(status:open+OR+status:merged)

James Page (james-page)
Changed in charm-neutron-openvswitch:
status: New → In Progress
importance: Undecided → Wishlist
assignee: nobody → Vladimir Grevtsev (vlgrevtsev)
milestone: none → 18.11
Revision history for this message
Vladimir Grevtsev (vlgrevtsev) wrote :

Current issue status: change requests for enabling this in charms are ready and waiting for code reviews: https://review.openstack.org/#/c/602355/ & https://review.openstack.org/#/c/602780/

However, NSG logging feature is not fully working currently because of https://bugs.launchpad.net/neutron/+bug/1782576 , being backported to Ubuntu Cloud Archive now in scope of https://bugs.launchpad.net/cloud-archive/+bug/1795424.

So need to wait new neutron package to appear on Cloud Archive in "proposed" branch and test it manually in order to confirm that feature is working well.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-neutron-api (master)

Reviewed: https://review.openstack.org/602355
Committed: https://git.openstack.org/cgit/openstack/charm-neutron-api/commit/?id=47a2b8fbb49178b28575e534d86189b2ca813303
Submitter: Zuul
Branch: master

commit 47a2b8fbb49178b28575e534d86189b2ca813303
Author: Vladimir Grevtsev <email address hidden>
Date: Tue Oct 9 11:41:09 2018 +0300

    Enable support for security group logging

    Add support to enable logging of security groups for
    OpenStack Queens or later; this feature is enabled via
    the neutron-api charm, with local configuration options
    provided in the neutron-openvswitch charm.

    The feature is only compatible with the openvswitch firewall
    driver and will not be enabled if this configuration option
    is not set in the neutron-openvswitch charm.

    This change is removing unnecessary Neutron config
    option "neutron_firewall_driver" since FW drivers are
    being handled on agents side (not on API server) since
    Mitaka release.

    Change-Id: Icadb055b2c5c3216b6d086b44a4823595b2baffa
    Closes-Bug: #1787397

Changed in charm-neutron-api:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-neutron-openvswitch (master)

Reviewed: https://review.openstack.org/602780
Committed: https://git.openstack.org/cgit/openstack/charm-neutron-openvswitch/commit/?id=40701500b5256f6e30ff31a0a8771eda99dda507
Submitter: Zuul
Branch: master

commit 40701500b5256f6e30ff31a0a8771eda99dda507
Author: Vladimir Grevtsev <email address hidden>
Date: Tue Oct 9 17:54:19 2018 +0300

    Enable support for security group logging

    Add support to enabling logging of security groups for
    OpenStack Queens or later; this feature is enabled via
    the neutron-api charm, with local charm configuration
    options to allow control of rate and burst limits and to
    set a local log output directory if require (allowing log
    data to be written to a separate partition for example).

    The feature is only compatible with the openvswitch firewall
    driver and will not be enabled if this configuration option
    is not set.

    Basic deployment tests changes is included here since
    nova-cloud-controller unit and relation was missing before,
    and it leads to CI constantly failing.

    Corresponding charm-helpers change:
    https://github.com/juju/charm-helpers/pull/228

    Change-Id: Id6ed09f714981e87838186d51a4f5e693bedb1d3
    Closes-Bug: #1787397
    Depends-On: https://review.openstack.org/602355

Changed in charm-neutron-openvswitch:
status: In Progress → Fix Committed
Revision history for this message
Ryan Beisner (1chb1n) wrote :

FYI - there ended up being an upstream bug with the feature, which is fixed, released and SRU'd for Queens. Placing bug links here for clarity. Many thanks!

https://bugs.launchpad.net/neutron/+bug/1796200

https://bugs.launchpad.net/neutron/+bug/1782576

https://bugs.launchpad.net/cloud-archive/+bug/1795424

David Ames (thedac)
Changed in charm-neutron-api:
status: Fix Committed → Fix Released
Changed in charm-neutron-openvswitch:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.